Upload
others
View
8
Download
0
Embed Size (px)
Citation preview
8/1/17
1
Security&PrivacyinContent-CentricNetworking
(CCN)
§ Security of Embedded Devices (ES/CPS/IoT) § Privacy-Agile Cryptographic Techniques
§ Cloud/DB apps § Genomic S&P § Input size-hiding
§ Privacy in Social Networks § Usable Security § Biometrics + De-authentication + Attacks § S&P in ICN/CCN/NDN
For more info see: sprout.ics.uci.edu
8/1/17
2
OUTLINE• Internet• CCNOverview• CCNSecurity&Privacy• AnonymousContentRetrieval• CachePrivacy• DenialofService• Network-LayerTrust• OtherTopics?
– AccessControl,AccounIng,FragmentaIon,NACKs
NEEDTOKNOW(forthistalk)
• Basicnetworking&Internetconcepts
• Networksecurityprinciples– Protocols
• Basicknowledgeofappliedcryptography– BasiccryptographicprimiIves
8/1/17
3
5
• Tremendous,unexpected,unprecentedandlong-lasIngglobalsuccessstory
• 35-year-olddesign:architecturedefinedinRFC791/793(1981andearlier)
• Enablesanyhosttotalktoanyotherhosto Namesboxesandinterfaceso Supportsend-to-endconversaIonso ProvidesunreliablepacketdeliveryviaIPdatagramso CompensatesforsimplicityofIPviacomplexityof
TCP
6
• Helpedfacilitatetoday’srichglobal-scalecommunicaIon
• But,wasnotdesignedforit
• FundamentalcommunicaIonmodel:point-to-pointconversaIonbetweentwohosts(IPinterfaces)
• ThecentralabstracIonisahostidenIfiercorrespondingtoanIPaddress
8/1/17
4
7
• Last20years–profoundchangeinnatureofInternetcommunicaIono Fromemail/`p/telnetto…o Fromafewthousandsofusersto…o FromstaIcwirednodes(computers,terminals)to…o Fromfriendly,clubby,trusIngambience,to…
• Massiveamountsofdataconstantlyproducedandconsumed• Web(esp.mediasharingandsocialnetworking),• Audio-/video-conferencing
• Notethat:• EmailandremoteloginaresIllaround• Messagingtoo• Plus,there’sIoT…
KeyAspectsofInternetChange
• MulImediacontent• Mobility/Wireless-ness
àDelaysandDisrupIons• DistribuIonScale• Cloud• IoT?
8/1/17
5
9
• S&PinthecurrentInternetarecertainlyNOTasuccessstory
• Retrofided,incremental,bandaid-stylesoluIons,e.g.:• SSH,• SSL/TLS(HTTPS),• IPSec+IKE+ISAKMP,• DNSSec,• sBGP,• AAA,etc.
• TargetedNSF-fundedprogram,2-IeredcompeIIon• Majorgoals:
• Designcomprehensivenext-generaIonInternetarchitectures• Accommodatecurrentandemergingcomm.paradigms• Securityandprivacyfromtheoutset(bydesign)
• Startedin2010• PhaseI:2010-2014• PhaseII:2014-2018
• Projects:• Nebula(PhaseI)• MobilityFirst(PhasesIanII)• XIA:eXpressiveInternetArchitecture(PhasesIandII)• NDN:Named-DataNetworking(PhasesIandII)• ChoiceNet(startedin2012,notstrictlyspeakingFIA)
8/1/17
6
CaveatAuditor!
• IwaspartoftheNDNFIAproject2010-2014• Work(ed)onS&PinNDN(andCCN)• WasfundedbytheNSF(‘Ill09/15)• Thus…takeeverythingwithagrainofsalt,drawyourownconclusions,andexplorefurther
Also:• IfocusonCCN=NDNandCCNx• ThereareotherICNefforts,e.g.,formobilenets
CCN=NDN+CCNx
8/1/17
7
Pointers
• Nameddatanetworkingproject(NDN),hdp://named-data.org• Content-centricnetworking(CCNx)project,hdp://www.ccnx.org• Intro:“Networkingnamedcontent”,ACMCoNEXT,2009
• IEEEInfocomNOMENWorkshop2012,2013• ACMICNWorkshop/Conference:2012-2013,2014-2017• VeryacPveIRTFICNResearchGroup(ICNRG)
hQps://trac.ieU.org/trac/irU/wiki/icnrghQps://irU.org/icnrg
• DagstuhlSeminarson:– GeneralICN(3total)– ICNSecurity&Privacy(2total),latest:hdp://www.dagstuhl.de/en/program/calendar/semhp/?semnr=16251
14
• Foralmost150years,communicaIonmeant:AwireconnecPngtwodevices
• TheWebforeverchangedthat:WhatmaQersiscontent,notthehostitcamefrom
8/1/17
8
15
Today’sInternet:acommunicaIonnetwork,usedasadistribuIonnetwork
Communication Distribution
Naming Endpoints Content
Memory Invisible, LimitedExplicit;
Storage = Wires
SecurityCommunication
processContent
16
8/1/17
9
17
18
Ca.2009 Ca.2013 Ca.mid-2016
NDN/CCNxsplit
CCNbirthatPARC
PARCsellsCCNxtoCISCOConvergenceeffortstarts
CCN/NDN NDN(NSF/UCLA)
CCNx(PARC)
8/1/17
10
19
20
ISP
ISP
8/1/17
11
21
ISP
ISP
22
• NameØ Human-readable,similartoURIØ Canbeconsideredasanetwork-layerURL
• Roles:Ø Consumer
Ø ProducerØ Router
• Objects:Ø ContentØ Interest
8/1/17
12
23
• Host• Interfaceaddress(IPaddress)• Datagram/Packet
• Router
24
Implicit Hash!
8/1/17
13
25
Consumer Producer Interest Interest Interest Interest
• Carries content name • No source/destination
address
• Named data (content) • Routed using state
26
Interest Incoming IF
/ccn/uci/content IF0
Interest: /ccn/uci/content Interest: /ccn/uci/content
IF0
IF1
IF2
IF3
/ccn/uci/content
Interest: /ndn/uci/content Every router has a: • PIT: Pending Interest Table • CS: Content Store (Cache) • FIB: Forwarding Information Base
, IF3
8/1/17
14
27
• MainoperaIonisprefix-basedlongestmatchlookup,likeIP
• InterestsareforwardedaccordingtorouIngtable(FIB),butmulIpointforwarding,broadcast,localfloodingareallokay
• Datafollowsinterestpathinreverse
(Cache)
(PIT)
28
• RouIngbasedonnameprefixes+reachability,likeIP• CanreuseIProuIngprotocols,e.g.,IS-IS,BGP
8/1/17
15
29
Security
• Now: secure the pipe • Data is authentic because it emanates from the right box (which is an
end-point of the right secure pipe)
• CCN: Integrity and trust are properties of content • Should be inferred from content itself
8/1/17
16
Securing Content: how?
Current SSL/TLS 3-way handshake model is not a good fit for CCN: – Secures channel, not data – Authentic content can come from anywhere – But, access control (and accounting) is difficult – After content retrieved from origin, it’s served by the
network (from caches) IPSec is also not a good fit for CCN…
Authenticity of Content
Content requested by a consumer can be retrieved from anywhere
• How can it be trusted? • How do we know who produced it? • How do we know it is the correct content?
8/1/17
17
Securing Content
• Integrity: is data intact and complete?
• Origin: who produced it?
• Correctness: is this (content) what consumer wants (based on interest)?
• Bonus feature: routers can choose to verify content (with caveats)
CCN Content object:
Private Content (aka Content Access Control)
Access to content can be restricted, e.g.:
• Encrypt once with a symmetric key • Distribute this key to authorized consumers using
“standard” techniques (pigeons?) • Access control on key rather than content
• This can make long-term secrecy problematic
Time permitting, we might come back to this topic…
8/1/17
18
Trust Model?
• All content is signed • Interests are not… • CCN is PKI-agnostic • Application-specific vs. network-layer trust
CCN: Privacy Benefits
• Interest has no source address/identifier • Content can be routed without knowing
consumer identity and/or location • One observed interest may correspond to
multiple consumers at various locations • Router caches reduce effectiveness of
observers close to producers
8/1/17
19
CCN: Privacy Challenges • Name privacy in interests
/CCN/us/wikipedia/STDs/herpes
• Name privacy in content
/CCN/zimbabwe/piratebay/XSOQW(#E@UED$%.mp3
• Signature privacy
• Leaks content publisher identity
• Classical privacy vs. security conflict
• Cache privacy
• Detectable hits/misses
CCN: Security Benefits
• Simplicity • All content is signed • No need for security handshakes in real time • A producer’s public key is a type of content
– Consumer first fetches producer’s PKC, then requests content (signed by that producer)
8/1/17
20
39
• Aproducer’spublickeyisatypeofcontent,i.e.,apublickeycerIficate(PKC)• Reminder:aconsumerdoesn’tneedakey
• Containsauthorizednameprefixesunderwhichcontentcanbepublished
• Bindsthemtoapublickey • For example:
/ccn/cnn/usa/web/key /ccn/verisign/europe/key /ccn/us/ca/edu/uc/uci/cs/gene.tsudik/key
39
CCN: Security Challenges
• State in routers is both a blessing and a curse • Such state is a resource that can be abused • DoS attacks:
– Interest Flooding – Content Poisoning: proactive & reactive
• Covert Channels & Geo-location • Content Access Control • Trust management at the network layer
8/1/17
21
CCN:quickrecapPRODUCER• Announcesnameprefixes• Namesandsignscontentpackets• Injectscontentintothenetworkbyansweringinterests
CONSUMER• Generatesinterestpacketsreferringtocontentbyname• Receivescontent,verifiessignature,decryptsifnecessaryROUTER• Routesinterestsbasedon(hierarchical)nameprefixes–inherentlymulIcast• RememberswhereInterestscamefrom(PIT),returnscontentalongsamepath• OpIonallycachescontent(inCS)• OpIonallyverifiescontentsignatures
(1)beforeforwarding,(2)beforecaching,or(3)wheneverithasIme 41
Some Recent & Ongoing Work on CCN Security/Privacy
42
• Anonymouscontentretrieval:ANDaNA/AC3N• DoS/DDoS:
• Contentpoisoningcountermeasures• InterestfloodingmiIgaIon
• PrivacyofRouter-SideCaching• Covertchannels&Geo-locaIon• SecurecontentfragmentaIon• NDNsecurityinnon-distribuIveserngs(e.g.,sensing,actuaIon)• Network-LayerTrustManagement• SecureContentDeleIon• SecureAccounIng• DataPrivacy• NetworkNames• PIT-lessCCNDesign• SecureContentDeleIon• ContentAccessControl• NACKsandtheirSecurityImplicaIons
8/1/17
22
Name Privacy and Anonymous Content
Retrieval in CCN
Why Name Privacy? CCN names are expressive and meaningful, but…• Leak information about requested content• Easy to filter/censor content, e.g., block everything like:
/CCN/cnn/world-news/russia
However:
• CCN names are opaque to the network
• Routers only need to know name component boundaries – “/”
• Names can carry binary data
8/1/17
23
ANDaNA: Anonymous Named Data
Networking Application
• Observers close to consumer should not learn what content is being requested
• Target: low-to-medium-volume interactive communication
• Producers might not be aware of ANDaNA
[DGTU-NDSS2012]
/OR1 /OR2
?/nytimes.com/today
ANDaNA
8/1/17
24
/OR1 /OR2
ANDaNA
/OR1 /OR2
?/nytimes.com/today
ANDaNA
8/1/17
25
/OR1 /OR2
?/nytimes.com/today
ANDaNA
/OR1 /OR2
?/nytimes.com/today
ANDaNA
8/1/17
26
/OR1 /OR2
ANDaNA
/OR1 /OR2
ANDaNA
8/1/17
27
/OR1 /OR2
ANDaNA
ANDaNA
Privacy with 2 hops comparable to Tor with 3 – Why? Lack of source address in interests – Anonymizing routers do not learn origin of traffic (only the
previous hop) – Lower overhead
8/1/17
28
Cache Privacy in
CCN
CCN Cache Privacy
• Router content caching is good for performance
• Better bandwidth utilization • Lower latency
• But… bad for privacy – Timing attacks – Cache harvesting attacks
8/1/17
29
• Who could the adversary be?
• Another host or router
• A malicious application on victim’s device
• Where could the adversary be?
• Near consumer, e.g., on the same LAN/WLAN segment
• Near producer (opposite sides of first hop router)
• In both places at once
Cache Privacy
Scenario 1: Victim=Consumer
Consumer Producer Interest Interest Interest Interest
Adversary
/CCN/org/wikileaks/2012/july/31
8/1/17
30
Scenario 2: Victim=Producer
Consumer Producer Interest Interest Interest Interest
Adversary
/CCN/org/wikileaks/2012/july/31
Scenario 3: Victims=Both
Alice Bob
Adversary Adversary Are Alice and Bob talking?
Recall: consumers must verify content signatures Therefore, Alice & Bob must first fetch each other’s PK
8/1/17
31
Countermeasures
• Do not cache content at all • Bad idea…
• Cache and delay • Which content? Who decides? • How long to delay?
Countermeasures • Two types of traffic:!
• Private!• Non-private!
• Who should dictate privacy?!• consumer, producer, router?!
• Two communication types:!• Low-latency (interactive) traffic!
• Use unpredictable content names!• Content distribution traffic; see paper for details (IEEE ICDCS’13)!
• Random delay!• Content-specific delay!
• Privacy bit in header of interests and/or content?!
8/1/17
32
DoS/DDoS in CCN
DoD/DDoS Resistance?
Some current DoS+DDoS attacks become irrelevant: • Content caching mitigates targeted DoS
• Content is not forwarded without prior PIT state set up by interest(s)
• Multiple interests for the same content are collapsed
• Only one copy of content per “interested” interface is returned
• Consumer can’t be “hosed” with unsolicited content >>> THIS IS AN IMPORTANT ADVANTAGE OF CCN!!!
8/1/17
33
DoS/DDoS • Attacks on infrastructure
• Loop-holing/black-holing
• Interest flooding
• Router resource exhaustion
• Attacks on consumers & router caches
• Content flooding
• Cache pollution
• Content/cache poisoning
Interest Flooding
Adversarygeneratesnumerousnon-sensicalinterests,e.g.:
/CCN/us/ca/uc/uci/cs/gene.tsudik/random-string
• Guaranteedtoreachtheproducer
• Consumespreciousrouterresources(PITentries)
• IFadackaffectsbothroutersandproducers
AnylegiPmateproducerprefix
8/1/17
34
Interest Flooding PotenIalcountermeasures:
1. UnilateralratelimiIng/throdling
• ResourceallocaIondeterminedbyrouterstate
2. CollaboraIveratelimiIng/throdling
• RouterspushbackadacksbyinteracIngwithneighbors
Openproblem:sofar,nodeterminisIccountermeasure!
Content Poisoning
1. Adversaryonthepathtoproducer(e.g.,arouter)– Interceptsgenuineinterest,replieswithfakecontent
– Contentsedlesinrouters
2. AdversaryNOTonthepathtoproducer– AnIcipatesdemandforcontent
– Issuesowninterest(s),replieswithfakecontent
– Contentsedlesinrouters
8/1/17
35
Content Poisoning PotenIalcountermeasures:
• SignatureverificaIoninrouters?
• Consumerfeedback?
• ASegressrouterverificaIononly?
BTW:whatis“fake”content?
• Badsignature(failsverificaIon),
• Badsigningkey
70
• CCNmainobjecIveiscontentdistribuIon• Facilitatedbycaches+PITsinrouters
• Consumermustverifycontentsignatures• But…howtoflushfakecontentfromroutercaches?• CCNallowsexclusionfiltersininterests(byhash)
o Canbeused,withverylimitedefficacyo ImmediateflushèDoSo Verifyingsignaturesèexpensive+anotherDoStype
• ConsumerauthenIcaIoncontradictsinterestopacity
8/1/17
36
71
• Aproducer’spublickeyisatypeofcontent,i.e.,apublickeycerIficate(PKC)• Reminder:aconsumerdoesn’tneedakey
• Containsauthorizednameprefixesunderwhichcontentcanbepublished
• Bindsthemtoapublickey • For example:
/ccn/cnn/usa/web/key /ccn/verisign/europe/key /ccn/us/ca/edu/uc/uci/cs/gene.tsudik/key
71
72
Tworeasons:• Ambiguousinterests• Nounifiedtrustmodel:applicaIonsarediverse&dynamic
AXIOM:Network-layertrustandcontentpoisoningareinseparableRoutersshoulddominimalwork:
• Notverify/fetchpublickeys(exceptforrouIng)• Dobounded,fixedamountofworkpercontent
• e.g.,verifyatmostonesignature
8/1/17
37
73
IKB:Aninterestmustreflectthetrustcontextoftheconsumer’sapplicaPon,thusmakingit(easily)enforceableatthenetworklayer
IKB(CCN):Aninterestmustreflectthepublickeyofthecontentproducer
74
• MakePublisherPublicKeyDigest(PPKD)fieldmandatoryineveryinterest
• Consumersobtainandvalidatekeys,using• Pre-installedrootkeys• KeyNameService(KNS)• Globalsearch-basedservice
IKB(CCN):Aninterestmustreflectthepublickeyofthecontentproducer
8/1/17
38
75
• Producer:o Includespublickeyineachcontent’s
KeyLocator field
• Router:o MatchesKeyLocatordigesttoPPKDinPITo VerifiessignatureusingKeyLocator o Nofetching,storing,parsingofpublickeysàNote:PITentrycollapsingtakesPPKDintoaccount
76
CLAIM:AdherencetoIKBèsecurityagainstcontentpoisoning
• Assume:o AllnodesabidebyIKBo Consumernotmaliciouso Consumer-facingrouters–notmaliciouso Consumerßàfirst-hoprouterlinknotcompromised
8/1/17
39
77
• ConsumersendsinterestcontainingPPKD• Routerensuresthat:
o ValidcontentsignatureusingkeyinKeyLocatoro DigestofKeyLocatormatchesPPKDinPIT
• Consumer-facingrouternotmaliciousèonlypossibilityofpoisonedcontentisifahashcollisionoccurs
Whatifupstreammaliciousrouterssendfakecontent:• Consumer-facingrouterdetectsanddropsit
78
• Includekeysininterest:ü Savestoragex Requireschangestointerest&contentstructure
• OnlyASborderroutersimplementIKB
ü Bederperformancex PossibleadackswithinAS
But…detectablebyborderroutersNOTE:eachroutermustatleastdoaPPKDmatch
8/1/17
40
79
• Self-CerIfyingName(SCN)o Hashofcontent(includingname)aslastcomponentof
name
• BenignconsumersuseSCNènetworkdelivers“valid”content
• NosignatureverificaIonbyrouters:o Onlyonehashre-computaIon
• Howtogetcontenthashinthefirstplace?
80
Acatalogormanifest:o AnauthenIcated(signed)datastructureo ContainsoneormoreSCN-s,nesIngisarbitraryo AnyauthenIcateddatastructure
o Hashchains,MHTs,skip-lists,etc.o StructureisapplicaIon-specifico UseIKBtobootstrap(i.e.,fetchacatalog)
• SCNobtainedfromacatalog:ü Noaddl.signatureverificaIonbyrouters/consumersü Noneedforproducerstosignindividualcontent
8/1/17
41
81
82
CCNManifestSpecificaIon(InternetDra`)
8/1/17
42
83
1. ContentDistribuIon,e.g.:
o Videostreaming:o OnebigcatalogcontainingSCNsofallsegmentso Or,hashchains(withdata),orMHT,etc.
o Foreexample,Webbrowsing:- HTMLfileasacatalog- ContainsSCNofsub-pages/components- WorksonlyforstaIccontent
84
2. InteracIveTraffic
o Contentgeneratedondemand(real-Ime),e.g.,audio/videoconferencing,
o Catalogsarenotviable
o ContentmustberequestedbyserngPPKDininterest
8/1/17
43
85
• ConsumerobtainshashHofcontentCfromP’scatalog• ConsumergeneratesinterestforC,referringtoH• But,CisnolongeravailableatP• Preceivesinterestand???
• Justdropsit:badforConsumeror:• GeneratesaNACK:routerswilldropitsinceaNACK’s
hashdoesn’tmatchHBoQom-line:needtoaugmentiKBandinterestformattoallowforSCN-carryingintereststosIllrefertoP’spublickeyThiscanbeusedasafallbackifSCNenforcementfails.
Some Recent & Ongoing Work in CCN Security/Privacy
86
• Anonymouscontentretrieval:ANDaNA/AC3N• DoS/DDoS:
• Contentpoisoningcountermeasures• InterestfloodingmiIgaIon
• PrivacyofRouter-SideCaching• Covertchannels&Geo-locaIon• SecurecontentfragmentaIon• NDNsecurityinnon-distribuIveserngs(e.g.,sensing,actuaIon)• Network-LayerTrustManagement• SecureContentDeleIon• SecureAccounIng• DataPrivacy• NetworkNames• PIT-lessCCNDesign• SecureContentDeleIon• ContentAccessControl• NACKsandtheirSecurityImplicaIons
8/1/17
44
87